[In Progress] possible rootkit

I was redirected to this website from lenovo.com because I detected a rootkit which I have not been able to remove! The rootkit was detected by GMER and was not given any name. GMER detected changes to the master boot record, hidden files in system32 and rootkit behavior. I removed all threats with GMER and reprogrammed the master boot record, but I still have suspicious activities on my computer. My firewall has a lot of listings which say XXXX-server, and there are a lot of strange network connections, even when all programs are closed. Please help.

I go by Hoov, and I will be helping you with your problem. I am also the one that redirected you here. I must ask you to do a few things for me.

First, tell me everything that you have done to try and fix this problem. Also tell me any other problems you are having, no matter how small or how long you have been dealing with them.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Fifth, if we start this fix, I need you to stick with me until the end. Just because your computer is running better does not mean it is fixed.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your hard drive.

One last thing, I need you to tell me if this computer belongs to a school or to a company or organization of some kind. If it does, please let me know. Also tell me if there is an IT department responsible for this computer.

I have had this problem for a month or two. It started with a search for some programming tools, so I tried a few free ones, something I apparently shouldn't have done. I noticed that I got a lot of strange bat files all over the operating system, a lot of network traffic, and strange firewall rules which all ended with "server". So I decided to scan the computer with different malware tools including GMER, which reported changes to the master boot record, a notification of rootkit behavior in the operating system and infected hidden files in system32. Then I proceeded to fix the master boot record myself since it's an easy thing to do. I then used "OneKey Recovery" to solve the problem completely, but it didn't seem to do the trick. I'm still experiencing some strange network activity and "server" rules in the firewall. I have also experienced some other strange problems, like the network card stopping working, sudden missing or incorrect driver notifications, and the touchpad stopping working.

Answers to your questions: This computer is private and belongs to me, so there won't be any problems. I'll give you free rein to tamper with it in any way you might see fit to solve the problem. I'm also only using this forum to try to fix the issues, I have backed up the machine, and no encryption is used, so all should be set to go.

GMER: GMER reported changes to the master boot record, a notification of rootkit behavior in the operating system and infected hidden files in system32. After I reprogrammed the master boot record I was unable to replicate the report, but the network activities and firewall rules remain.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click on it to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

Press Scan button.

It will produce a log called FRST.txt in the same directory the tool is run from.

Please copy and paste log back here.

The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


Former Consumer Security MVP 2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Run a scan with ADWCleaner again, go through each tab and make sure everything is checked. Then click the clean button and post the resulting log.

Let me know how that goes.

Do you know how to start Windows Cleanly?

As for TDSSKiller, please do not run scans unless I ask for them. It is possible for these tools to do damage to your system if run at the wrong time or manner. Right now I think the items found by TDSSKiller are legitimate items. But we have not gotten to that point yet.
